Privacy Policy

Protecting your data with transparency and care.

  1. INTRODUCTION

This Privacy Policy and Consent Notice is issued by Nuevata Innovations Pvt Ltd ("Company", "we", "us", "Nuevata", or "our") in compliance with the Digital Personal Data Protection Act, 2023, and other applicable healthcare regulations such as the Clinical Establishments Act, 2010. This notice is addressed to individuals (referred to as “Data Principals”) whose personal and sensitive personal data is collected during medical and surgical procedures conducted at or by hospitals/clinics associated with Nuevata.

Nuevata Innovations Pvt Ltd (“Company”, “we”, "Nuevata", or “our”) is committed to protecting the privacy of individuals whose data is collected, stored, processed, or shared in the course of providing healthcare-related services, including surgical procedures and post-operative care. This Data Protection and Consent Policy is framed in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”), Clinical Establishments Act, 2010, and other applicable regulations.

  1. DEFINITIONS


  • Data Principal: The individual (e.g., patient) to whom the personal data relates.

  • Data Fiduciary: Nuevata Innovations Pvt Ltd, responsible for determining the purpose and means of processing personal data.

  • Data Processor: Any third-party vendor or service provider including partner hospitals, labs, cloud providers that processes data on behalf of Nuevata.

  • Sensitive Personal Data: Includes health records, biometric data, surgical videos, medical history, etc.

  1. PURPOSE OF DATA COLLECTION

Nuevata Innovations Pvt Ltd collects personal and sensitive personal data during surgical procedures and associated healthcare services strictly for legitimate and clearly defined purposes. The data is handled with the highest degree of confidentiality and in accordance with the Digital Personal Data Protection Act, 2023, and other applicable laws. The purposes for which data is collected include:

a. Clinical Documentation and Treatment Planning

  • To accurately record all relevant clinical details before, during, and after surgical procedures.

  • To ensure continuity of care by enabling treating physicians, anesthetists, and other healthcare professionals to refer to recorded data for follow-up treatment, consultations, or future procedures.

  • To assist in diagnosis and treatment customization based on patient history, imaging, pathology reports, and operative recordings.

  • To store and retrieve surgical videos or intra-operative records for the patient’s medical file, as mandated by medical protocols and surgical quality standards.

b. Regulatory and Medico-Legal Compliance

  • To fulfill the requirements laid down by regulatory authorities such as the National Medical Commission, Ministry of Health & Family Welfare, Clinical Establishments Act, 2010, and local state health regulations.

  • To maintain records in a manner that can be audited or reviewed by competent authorities in case of inspections, investigations, or litigation.

  • To preserve legally admissible documentation of surgical procedures that may be required in case of medical negligence claims, insurance reimbursements, or court proceedings.

  • To meet the record-keeping obligations for retention of medical and surgical records for the prescribed duration (usually a minimum of 8 years).

c. Quality Control, Internal Audits, and Research (With Anonymisation)

  • To enable internal quality control teams to periodically review procedures for adherence to standard operating protocols (SOPs) and clinical best practices.

  • To identify gaps, errors, or deviations in clinical execution and propose continuous improvements in medical care.

  • To anonymise data (removing all patient-identifiable elements) for use in internal and collaborative research projects aimed at enhancing patient outcomes, procedural efficiency, and hospital policy development.

  • To allow external institutional ethics committees or academic collaborators to audit anonymised data, wherever permitted.

d. Educational or Training Purposes  

  • To use anonymised or consented recordings of surgical procedures, patient case histories, or diagnostic charts as training material for medical students, residents, or clinical staff.

  • To conduct Continuing Medical Education (CME) sessions, workshops, or simulation-based learning using real but de-identified patient cases, with proper permission.

  • To publish findings or showcase procedural footage (after blurring/obscuring patient identity) in journals or conferences with written consent from the Data Principal.

  • Under no circumstances will data be used for public distribution, marketing, or commercial use without specific informed consent.

  1. TYPES OF DATA COLLECTED

We may collect personal and sensitive personal data including your name, gender, age, and contact details; government-issued identification such as medical history, diagnostic results, clinical notes, surgical videos and images; biometric or visual data captured during medical or surgical procedures; and communication records, including those related to your consent.

  1. CONSENT AND LEGAL BASIS FOR PROCESSING

We collect and process your personal and sensitive personal data only after obtaining your free, informed, specific, and unambiguous consent. This consent is provided by you before or at the time of data collection and may be withdrawn at any time. We ensure that you are fully aware of the purposes for which your data is collected and used, and your rights under the applicable law. Withdrawal of consent will not affect the lawfulness of data processing carried out prior to such withdrawal, but it may impact our ability to continue providing services to you. Upon withdrawal, your data will be retained only as required for compliance with applicable laws and regulatory obligations.

  1. STORAGE

We process personal and sensitive personal data only to the extent necessary for the purposes stated in this policy, in accordance with the principles of purpose limitation and data minimisation. The data is accessed strictly by authorised personnel and is protected through appropriate organisational and technical measures to prevent unauthorised access, alteration, or disclosure. Personal data is retained only for as long as necessary to fulfill the lawful purposes for which it was collected, or as required under applicable legal, regulatory, or clinical obligations. Upon the expiry of such period, the data is securely disposed of or anonymised in compliance with applicable data protection laws.

  1. SHARING OF DATA

Your personal and sensitive personal data may be shared with third parties strictly on a need-to-know basis and only for legitimate purposes connected to your care, compliance with legal obligations, or fulfilment of services. This may include sharing with treating physicians, hospitals, clinical staff, or medical consultants who are involved in your diagnosis, treatment, or post-operative care. We may also share your data with regulatory or governmental authorities when required to do so by applicable law, court orders, or official investigations. In addition, your data may be shared with carefully vetted third-party service providers, such as cloud storage providers, diagnostic labs, or IT partners, who process data on our behalf under binding contractual obligations to ensure confidentiality, data security, and compliance with applicable privacy laws. These data processors are prohibited from using your data for any purpose other than what is authorised by Nuevata Pvt Ltd. We do not sell your personal data under any circumstances, nor do we share it for advertising or direct marketing purposes without your explicit consent.

  1. RIGHTS OF DATA PRINCIPAL

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have several important rights in relation to your personal data. You have the right to request access to your personal data that is being processed by us, including information about the nature of the data, the purpose of processing, and the categories of recipients with whom it may have been shared. You also have the right to request correction of any inaccurate, incomplete, or misleading data to ensure that your records are current and accurate. At any time, you may withdraw the consent previously given for the processing of your personal data; however, please note that such withdrawal may affect our ability to continue providing certain services to you, and does not affect the lawfulness of processing based on consent prior to its withdrawal. You further have the right to be informed about the identities of third parties, if any, with whom your personal data has been shared, subject to applicable confidentiality and legal restrictions. If you believe that your rights under this policy or the applicable law have been violated, you have the right to file a grievance with our designated Data Protection Officer (DPO), who will respond to your concern within the timelines prescribed under the law.

  1. GRIEVANCE REDRESSAL

For any issues or questions related to your data:

Data Protection Officer (DPO)
Nuevata Innovations Pvt Ltd
Email: legal@nuevata.com
Phone: +91 91455 33483

  1. UPDATES TO THIS POLICY

This Privacy Policy may be updated to reflect changes in laws or practices. The latest version will always be available on our website.

  1. TERMS OF ACCEPTANCE

By providing your consent (physically or digitally), you agree to:

  • Allow Nuevata Innovations Pvt Ltd to collect, use, store, and share your personal and sensitive health data for the purposes mentioned above.

  • Understand that withdrawal of consent may affect your access to certain services.

  • Accept this policy as binding on your interaction with us.